summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2017-07-07 16:24:21 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2017-07-26 19:09:04 +0200
commitea408c560ed85bb4ef7cf8f72f8463653501332c (patch)
tree30dcfc690db0353e786cc9873b6e11803a157611 /methods
parent51751106976b1c6afa8f7991790db87b239fcc84 (diff)
reimplement and document auth.conf
We have support for an netrc-like auth.conf file since 0.7.25 (closing 518473), but it was never documented in apt that it even exists and netrc seems to have fallen out of usage as a manpage for it no longer exists making the feature even more arcane. On top of that the code was a bit of a mess (as it is written in c-style) and as a result the matching of machine tokens to URIs also a bit strange by checking for less specific matches (= without path) first. We now do a single pass over the stanzas. In practice early adopters of the undocumented implementation will not really notice the differences and the 'new' behaviour is simpler to document and more usual for an apt user. Closes: #811181
Diffstat (limited to 'methods')
-rw-r--r--methods/aptmethod.h19
-rw-r--r--methods/basehttp.cc2
-rw-r--r--methods/basehttp.h2
-rw-r--r--methods/curl.cc2
-rw-r--r--methods/ftp.cc3
-rw-r--r--methods/http.cc5
6 files changed, 25 insertions, 8 deletions
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index 04858e29d..a9af63fb7 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -5,6 +5,7 @@
#include <apt-pkg/configuration.h>
#include <apt-pkg/error.h>
#include <apt-pkg/fileutl.h>
+#include <apt-pkg/netrc.h>
#include <algorithm>
#include <locale>
@@ -42,6 +43,24 @@ public:
return true;
}
+ bool MaybeAddAuthTo(URI &uri)
+ {
+ if (uri.User.empty() == false || uri.Password.empty() == false)
+ return true;
+ auto const netrc = _config->FindFile("Dir::Etc::netrc");
+ if (netrc.empty() == true)
+ return true;
+ // ignore errors with opening the auth file as it doesn't need to exist
+ _error->PushToStack();
+ FileFd authconf(netrc, FileFd::ReadOnly);
+ _error->RevertToStack();
+ if (authconf.IsOpen() == false)
+ return true;
+ if (authconf.Seek(0) == false)
+ return false;
+ return MaybeAddAuth(authconf, uri);
+ }
+
bool CalculateHashes(FetchItem const * const Itm, FetchResult &Res) const APT_NONNULL(2)
{
Hashes Hash(Itm->ExpectedHashes);
diff --git a/methods/basehttp.cc b/methods/basehttp.cc
index cc5039c75..03409a8d4 100644
--- a/methods/basehttp.cc
+++ b/methods/basehttp.cc
@@ -845,7 +845,7 @@ bool BaseHttpMethod::Configuration(std::string Message) /*{{{*/
return true;
}
/*}}}*/
-bool BaseHttpMethod::AddProxyAuth(URI &Proxy, URI const &Server) const /*{{{*/
+bool BaseHttpMethod::AddProxyAuth(URI &Proxy, URI const &Server) /*{{{*/
{
if (std::find(methodNames.begin(), methodNames.end(), "tor") != methodNames.end() &&
Proxy.User == "apt-transport-tor" && Proxy.Password.empty())
diff --git a/methods/basehttp.h b/methods/basehttp.h
index 7000e7b89..d2e085968 100644
--- a/methods/basehttp.h
+++ b/methods/basehttp.h
@@ -164,7 +164,7 @@ class BaseHttpMethod : public aptMethod
virtual void RotateDNS() = 0;
virtual bool Configuration(std::string Message) APT_OVERRIDE;
- bool AddProxyAuth(URI &Proxy, URI const &Server) const;
+ bool AddProxyAuth(URI &Proxy, URI const &Server);
BaseHttpMethod(std::string &&Binary, char const * const Ver,unsigned long const Flags);
virtual ~BaseHttpMethod() {};
diff --git a/methods/curl.cc b/methods/curl.cc
index 71149217a..8e06d858d 100644
--- a/methods/curl.cc
+++ b/methods/curl.cc
@@ -270,7 +270,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
if (SetupProxy() == false)
return _error->Error("Unsupported proxy configured: %s", URI::SiteOnly(Proxy).c_str());
- maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
+ MaybeAddAuthTo(Uri);
if (Server == nullptr || Server->Comp(Itm->Uri) == false)
Server = CreateServerState(Itm->Uri);
diff --git a/methods/ftp.cc b/methods/ftp.cc
index 4972337e3..c5c4001fa 100644
--- a/methods/ftp.cc
+++ b/methods/ftp.cc
@@ -21,7 +21,6 @@
#include <apt-pkg/error.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/hashes.h>
-#include <apt-pkg/netrc.h>
#include <apt-pkg/strutl.h>
#include <iostream>
@@ -1015,7 +1014,7 @@ bool FtpMethod::Fetch(FetchItem *Itm)
Res.Filename = Itm->DestFile;
Res.IMSHit = false;
- maybe_add_auth (Get, _config->FindFile("Dir::Etc::netrc"));
+ MaybeAddAuthTo(Get);
// Connect to the server
if (Server == 0 || Server->Comp(Get) == false)
diff --git a/methods/http.cc b/methods/http.cc
index db4542981..f0cd77139 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -23,7 +23,6 @@
#include <apt-pkg/error.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/hashes.h>
-#include <apt-pkg/netrc.h>
#include <apt-pkg/proxy.h>
#include <apt-pkg/strutl.h>
@@ -350,7 +349,7 @@ bool UnwrapHTTPConnect(std::string Host, int Port, URI Proxy, std::unique_ptr<Me
Req << "Host: " << ProperHost << "\r\n";
;
- maybe_add_auth(Proxy, _config->FindFile("Dir::Etc::netrc"));
+ Owner->MaybeAddAuthTo(Proxy);
if (Proxy.User.empty() == false || Proxy.Password.empty() == false)
Req << "Proxy-Authorization: Basic "
<< Base64Encode(Proxy.User + ":" + Proxy.Password) << "\r\n";
@@ -931,7 +930,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
Req << "Proxy-Authorization: Basic "
<< Base64Encode(Server->Proxy.User + ":" + Server->Proxy.Password) << "\r\n";
- maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
+ MaybeAddAuthTo(Uri);
if (Uri.User.empty() == false || Uri.Password.empty() == false)
Req << "Authorization: Basic "
<< Base64Encode(Uri.User + ":" + Uri.Password) << "\r\n";